Safari webauthn excludeCredentials

Safari is allowing users to create multiple passkeys despite setting the excludeCredentials in PublicKeyCredentialCreationOptions (https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create#excludecredentials). I also included appidExclude(https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API/WebAuthn_extensions#appidexclude) but it was still allowing me to create multiple passkeys on the same iCloud account.

This does not happen in other browsers.

Can anyone point me to any documentation regarding this? Much appreciated

https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API/WebAuthn_extensions#appidexclude

https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create#excludecredentials

Post not yet marked as solved Up vote post of ebdev2024 Down vote post of ebdev2024
278 views
Posted by
ebdev2024
Reply
Add a Comment

Replies

There's a known issue in Safari 17.4 where excludeCredentials was getting ignored. It should be working again in Safari Technology Preview 191. If you're still having issues, please let us know through Feedback Assistant!

Posted by
garrett-davidson
Up vote reply of garrett-davidson Down vote reply of garrett-davidson
Add a Comment

We use webauthn technology to manage crypto assets and because of this issue our users lost a lot of money, please fix it as soon as possible!!!!

Posted by
Xaber
Up vote reply of Xaber Down vote reply of Xaber
Add a Comment